Applies to Kaspersky Security Center 9
One of the main Kaspersky Security Center
functions is remote configuration of antivirus software installed on client computers. The majority of such software settings can be configured in policies. A policy
is created for a particular piece of software, and it cannot be applied to other software.
The rest of protection and update settings is configured in tasks or in the local interface.
A policy is applied to an administration group. It affects the following objects:
- The administration group;
- Its subgroups;
- Administration groups of slave servers belonging to that administration group;
It is recommended to distribute client computers into groups in such a manner that would allow assigning the same protection settings to all computers in a particular group.
The created policies are located in the Managed computers
node, tab Policies
in each administration group. Here you can create new policies and modify the existing ones. Once you modify any settings in a policy, the Administration server initiates a connection with the Network agent on client computers and relays the changes. You can view the status of an applied policy in the policy properties tab General
Besides the policies for antivirus software, there exist policies for Administration server and Network agent. The Network agent policy defines Network agent settings on client computers. The Administration server policy is required for identifying the settings of slave Administration servers.
Once you have Kaspersky Security Center installed, the computer hosting it automatically gets relocated into the Managed computers
administration group. Therefore, an Administration server policy created in that group will be applied to that Server.
A single group can contain multiple policies for a particular application, yet only one of such can be applied to client computers at a time – the one assigned with the Active policy
status. A mobile policy
can be created for Kaspersky Endpoint Security for Windows additionally. Kaspersky Endpoint Security for Windows will be switching to that mobile policy when disconnected from the Administration server for a long time (three failed Agent to Server synchronization attempts). This policy type comes in handy for groups hosting the corporate laptops often carried by employees on business trips.
Each setting in a policy can be locked/unlocked
. By default, a policy is created with locked default settings. A locked setting
is forced on client computers and cannot be modified by default:
- neither locally on client computer affected by that policy (including all levels of subgroups and slave Administration servers);
- nor in group tasks (including its level, all levels of subgroups and slave Administration servers);
- nor in policies in subgroups and on slave Administration servers).
are not forced on client computers affected by that policy. By unlocking a setting, you do not change it on client computers, but allow it to be changed locally on such client computers.